Linda Musthaler's CIO-level look at the latest networking technologies and their benefits and pitfalls.
For this week’s newsletter, I reached out to eIQnetworks’ Security and Compliance Evangelist, John Linkous. eIQnetworks is the maker of SecureVue, a comprehensive security, log management and compliance automation software package for the enterprise. The new 3.2 version of SecureVue offers a 6-tier scalable architecture, enabling the security product to manage global security for the world’s largest enterprises. With this architecture, SecureVue can process up to a million events per second.
In his role as evangelist, Linkous gets a worldwide perspective of network security issues. I asked him to share with us his five best practices for information security:
Know Your Assets. If you don’t know what you have, you can’t manage it. Consequently, it’s critical for information security managers to have complete, up-to-date knowledge of their information assets, from infrastructure devices, to servers and workstations, peripherals, and data repositories such as databases and e-mail systems. While most information security organizations can identify what they know about their technology assets, it’s just as critical for them to have visibility into what’s not expected: the new device that suddenly shows up on the network; the unexpected wireless access point; the unusual network protocols moving across the firewall. These unanticipated assets can introduce massive risks into the environment, including new attack vectors that can be exploited.
Reduce the “Noise Level” of Information Security Monitoring. Information security is a discipline based on discovering the unusual. While it’s easy to marshal the forces of an incident response team to address something obvious – say, a network worm that’s propagating throughout the environment – it’s not as easy to address seemingly more esoteric abnormalities, such as failed logons.
In a large enterprise on a typical Monday morning, security monitoring teams may see dozens, perhaps even hundreds of failed logons from employees who have “fat-fingered” their credentials. Unfortunately, most organizations don’t have the resources to track down each and every failed logon to determine if it was accidental or malicious. Instead, they acknowledge the event in their console – but of course, that’s not really security.
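As an added example that is not from the article or from eIQnetworks' SecureVue, the following Python triage runs over a constructed set of logon records and separates the fat-fingered failures that end in a clean logon from two patterns an analyst should actually look at: one account failing repeatedly, and one source failing against many accounts. The log format, the thresholds and all sample users and addresses are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the article): "timestamp user source result".
SAMPLE_LOG = """\
2009-11-16T08:01:10 alice 10.1.1.20 FAIL
2009-11-16T08:01:25 alice 10.1.1.20 OK
2009-11-16T08:02:03 bob 10.1.1.31 FAIL
2009-11-16T08:02:40 bob 10.1.1.31 FAIL
2009-11-16T08:03:05 bob 10.1.1.31 OK
2009-11-16T08:05:00 carol 192.0.2.77 FAIL
2009-11-16T08:05:02 dave 192.0.2.77 FAIL
2009-11-16T08:05:04 erin 192.0.2.77 FAIL
2009-11-16T08:05:06 frank 192.0.2.77 FAIL
2009-11-16T08:09:00 ivan 10.1.1.50 FAIL
2009-11-16T08:09:01 ivan 10.1.1.50 FAIL
2009-11-16T08:09:02 ivan 10.1.1.50 FAIL
2009-11-16T08:09:03 ivan 10.1.1.50 FAIL
2009-11-16T08:09:06 ivan 10.1.1.50 OK
"""

def triage(log_text, window=timedelta(minutes=10), max_typos=3, spray_users=4):
    """Separate fat-fingered logons from patterns worth an analyst's time:
    a user who succeeds from the same source within `window` after at most
    `max_typos` failures is noise; more failures is a 'brute_force' alert on
    the user; one source failing against `spray_users` or more distinct
    accounts is a 'spray' alert on the source. Thresholds are assumptions."""
    fails, oks = defaultdict(list), defaultdict(list)  # (user, src) -> times
    users_per_src = defaultdict(set)                   # src -> users that failed
    for line in log_text.splitlines():
        ts, user, src, result = line.split()
        t = datetime.fromisoformat(ts)
        (fails if result == "FAIL" else oks)[(user, src)].append(t)
        if result == "FAIL":
            users_per_src[src].add(user)
    spray_sources = {s for s, u in users_per_src.items() if len(u) >= spray_users}
    report = {"suppressed": 0, "unresolved": 0,
              "alerts": [("spray", s) for s in spray_sources]}
    for (user, src), times in fails.items():
        if src in spray_sources:
            continue  # already covered by the source-level alert
        if len(times) > max_typos:
            report["alerts"].append(("brute_force", user))
        elif any(timedelta(0) <= ok - times[-1] <= window for ok in oks[(user, src)]):
            report["suppressed"] += len(times)  # typo, then a clean logon: noise
        else:
            report["unresolved"] += len(times)  # no verdict; leave for review
    report["alerts"].sort()
    return report
```

With the sample log, the three alice/bob failures are suppressed, ivan's four failures raise a brute-force alert even though the last attempt succeeded, and 192.0.2.77 raises a spray alert; raising `spray_users` to 5 instead leaves those four failures unresolved for manual review.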
Linda Musthaler is a principal analyst with Essential Solutions Corporation.